Torrent download = endless Portscans?  Help me please!

Posted on 2009-04-22
Last Modified: 2013-11-21
Dear EE,

1.)  I have an Astaro ASG220 firewall defending my corporate network.  However, my question is not specific to Astaro's.

2.)  I run the premium (pay version) of AVG 8.5 on my laptop.  I had to disable the software firewall because it conflicted with Appriver hosted exchange.  So I'm using AVG 8.5 without any software firewall.  

3.)  THE PROBLEM:  Everytime anybody on my LAN starts a torrent download - I receive an endless stream of 'portscans' warnings from the Astaro that lists the host's IP address the portscans are coming from.  I just started a 7-hour torrent for Fedora-10-x86_64-CDs (something I would expect to be clean) that I simply must download for tomorrow - no excuses.  You guessed it - the instant I started the download - the Astaro starts sending me portscan warnings.  Super frustrating!  How is it possible that every torrent is "infected" with a portscan viruses?

4.)  MAIN QUESTION:  What precautions can I make to neutralize portscans prior, during, after a torrent download?  How do you neutralize active portscans - without killing a critical download?

5.)  FYI:  It has been roughly (100) minutes since I began the download - I have transmitted over (300) portscans from my laptop that my Astaro has warned on.

6.)  PEOPLE WITHOUT HARDWARE FIREWALLS THAT LIKE TORRENT:  Take it from me - lately - ALL torrents are infected with portscans.  Yes ALL of them.  I don't pretend to know why or how.  My point is only that you should pay attention to the steps to neutralize portscans even though you don't have a firewall confirming that you're sending portscans.  Be careful.

Question by:buymycorp
    LVL 8

    Expert Comment

    by:Bradley Haynes
    Some torrent sites have various ports they use to transfer files. To determine what port you have listening a scan may be done.
    In your Firewall you can make a specific exception for the application/torrent client.
    Also set up a DMZ so you can "Clean" all the torrents downloaded before they are injected into your production network.

    Author Comment

    The torrent was finished when I arrived back at work this morning.  The finished Fedora_10 cd's were in my torrents\completed folder.  I erased & removed the torrent from the Utorrent client before closing the Utorrent client.  I then burned my (6) CD's and then DELETED EVERYTHING to do with the torrent and downloaded files.

     I'm still receiving portscan warnings from the Astaro every 2 or 3 mintues!!!!  Luckily I have Appriver and they have no mailbox limit!  My mailbox had 1,600 warning emails this morning .  

    Again, I don't want to know how to dumb-down my Astaro.  I want to know how to neutralize this portscan.  I'm going to reboot and see if that helps.    
    LVL 8

    Accepted Solution

    What OS are you running?
    Also, set the torrent client to one port and create a tunnel thru the router to that port.
    Create a rule in the firewall for that port to allow traffic. If you can limit the time window to the hours that you know ppl will be using their torrent client.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Over the past decade, as Internet security has become a chief concern of IT professionals, one of the most common questions administrators and users ask is, “Which is more secure, SFTP or FTPS?” In short, both file transfer protocols offer a high…
    With the withdrawal of support for Windows Server 2003 this summer, many clients face the issue of moving away from their 2003 installs. There are a few options out there that many people/companies are selling. But the clients I have, haven't wanted…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now